Geek Answers Handbook

Redirect to page containing # (hash) after login

I am using Spring Security and wondering how I can implement redirection after succesfull login to the original page if this page contains the # (hash) sign.

Right now I am using always-use-default-target="false" and it works fine on the url: /path/to/page/ .

But when the URL becomes #/path/to/page , it does not make any redirects.

Is there any way to fix this?

+8
spring spring-mvc spring-security
source share
2 answers

Here is the solution I used at the end:

 $(document).ready(function(){ $('#auth-form').submit(function() { var el = $(this); var hash = window.location.hash; if (hash) el.prop('action', el.prop('action') + '#' + unescape(hash.substring(1))); return true; }); });

This snippet adds a hash to the action attribute of the authorization form and Spring redirects you to a URL like: #/path/to/page without any problems.

+11
source share

This may be an old question, but during my recent research on this topic, I found that the problem is common and still exists (especially in the case of modern AngularJS front-end applications with integrated security). I would like to share my decision with you.

On the login page, for example, /login.html, place the following code before the </body> :

 <script type="text/javascript"> var hash = window.location.hash; document.cookie="hashPart=" + window.btoa(hash); </script>

Note (1): The btoa () function works in IE> = 10 ( http://www.w3schools.com/jsref/met_win_btoa.asp ), the equivalent of jQuery is used for older browsers.

Note (2): encryption of the # part of the URL is required, as it may contain special characters that cannot be stored in the cookie value string.

On the server side, you need to change the onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) method for a class that implements the AuthenticationSuccessHandler interface.

In my case, I just extend the SavedRequestAwareAuthenticationSuccessHandler class and override the onAuthenticationSuccess method using its source code. Then I get the hashPart cookie value from the request, decrypt it and add it to the allowed redirect URL. My code snippet is below:

 @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException { // ... copy/paste original implementation here, until ... // Use the DefaultSavedRequest URL String targetUrl = savedRequest.getRedirectUrl(); for (Cookie cookie : req.getCookies()) { if (cookie.getName().equals("hashPart")) { targetUrl += new String(Base64Utils.decodeFromString(cookie.getValue())); cookie.setMaxAge(0); // clear cookie as no longer needed response.addCookie(cookie); break; } } getRedirectStrategy().sendRedirect(request, response, targetUrl); }

Finally, just enter your success handler class in the Spring security configuration, as described in: https://stackoverflow.com/a/330576/ ...

I look forward to your comments or other solutions to this problem.

+2
source share

More articles:


All Articles